Category Archives: 12036

There’s a lot that can be achieved in a little bit of PowerShell (a single (pipe)line, even), and that brings with it a tendency to throw a solution together quickly. As the saying goes, though, with great power comes great responsibility, so you need to be careful.

Using -whatif and -confirm can help you to avoid hanging yourself, but you also need to do more thorough testing before you put a script into production (and yes, I’m talking to myself as much as anyone else here).

For example, I have tripped over a problem (and I know others who have done the exact same thing), where I wrote a PowerShell script that altered some objects in Active Directory. I had some dummy objects to test on and after a few itterations I had a script which manipulated them in just the way I wanted. I changed my input to the appropriate set of live objects and it all worked. Brilliant.

The trouble occurred when the script was run subsequently on a different set of input which referred to some objects which had previously been removed from Active Directory. I hadn’t tested the script with any input that referred to objects which didn’t exist. If you’d asked me ahead of time, I probably would have said that I’d expect the script would just ignore those rows in the input file. Most of the time that’s probably what would happen…

…except in this particular case, when no exact matching object was found, it dropped back to a WILDCARD MATCH!!! Cue a bunch of objects that shouldn’t have been touched, getting messed up in some inconvenient ways! 🙁

The first time this happened, it had everyone utterly perplexed. It was fixed with no understanding of the cause. The second time the same script did the same thing we worked it out, fixed the mess and the script. I subsequently saw a similar script create a similar problem for someone else, and I was able to help him remediate that situation before anyone noticed.

What those experiences hammered home for me was the need to formulate test input for my scripts very carefully. Don’t get me wrong, this wasn’t news for me, as I’m sure it isn’t for you, but the awareness of how much worse things might have been in those semi-disasters has helped me to formulate better testing, and I’m pleased to say that I haven’t had an avoidable problem caused by one of my scripts since then.

So, if there’s any chance that your script is going to face anything unexpected in the future, you need to test for it, and perhaps including some input cleansing in there. In your test input you should include some stuff that’s fine and your script shouldn’t alter, some things that your script should operate on, some duplicates, some things that don’t exist, and some stuff that just plain make no sense. Try to break it as much as you can (although be careful where you’re running it!).

Oh, and if there’s any chance that someone else may run your script in the future, make sure that you document what you know it works for, and what you haven’t tested. There might not be a need for you to test for every possible outcome today, but you don’t want someone coming and knocking on your door blaming you for something that you didn’t do, but didn’t test for either. You can at least make people aware of the scenario that you did test for, and let them know that you didn’t check that it wouldn’t blow things up if they decided to run it as domain admin instead!

My 2014 started out with the news that I’ve received my 4th Microsoft MVP Award for PowerShell, which contrasted wonderfully with the end of 2013 when I had a rather nasty fall and was lucky to not break a few bones (although I do still feel pretty sore).

I’ve learned from experience not to bother making New Year’s Resolutions, but going forward I do have a plan to work smarter (see my last post on The Phoenix Project) and to take advantage of working in a tall building to get some exerise up and down the stairs!

For those in or around North East England next Wednesday (28th August), I’m going to be doing a presentation at NEBytes on PowerShell 4.0, with a focus on Desired State Configuration.

If you haven’t heard of DSC before, it’s a really big deal – a new set of cmdlets and language extensions provide the ability to declaratively specify the configuration of your environment and maintain the desired state of your systems.

I’m going to cover what DSC can do for you, showing how to define and deploy configuration scripts, as well as touching on some of the other new features of PowerShell 4.0.

If you’ve read very much of my blog, you’ll know that I’m a big fan of the annual Scripting Games, where challenges are set for beginners and advanced scripters, to be solved in PowerShell. The reason I like this event so much, apart from enjoying a challenge, is that it’s an excellent way to learn, regardless of your level of proficiency.

The great thing about the Scripting Games is that you can have a go at solving each problem and then see an expert solution to compare your efforts with. Even if you’re really competing at the advanced level, you’re likely to learn something from that, and if you’re just a beginner, then there’s no better way to learn that to try to solve a problem and being shown by an expert the best way to do it.

The 2013 event kicks off today, and I strongly recommend you take part if you have the time. If you don’t have time to do it right now, then there’s nothing stopping you having a go after the competition has ended – just make sure that you give the challenges a try before you look at the expert solutions.

I’ve been re-writing some automated processes around user account lifecycle recently, making use of the Active Directory PowerShell module on Windows Server 2012. Most recently this involved removing a large number of expired user accounts. On the first attempt of trying to remove the user objects I was receiving this error for a number of them, seemingly at random:

Remove-ADObject : The directory service can perform the requested operation only on a leaf object

So why would a user object in AD not be a leaf object? It turns out that when a user connects a device to Exchange with EAS, there’s an AD object created for that device inside the user object and that is what is stopping the user being a leaf object.

You might search for this and find advice on using Remove-ActiveSyncDevice before you remove the user. The trouble with that is that if you’ve got multiple versions of Exchange running in your org, then you might find that you can’t remove the ActiveSyncDevice for all your users with the same method.

It doesn’t matter anyway because the point is that the user isn’t a leaf; it has turned into a container, so what do you need to do to delete a container? Simply do a recursive remove. In the case of what I’ve been doing, this does the job:

When PowerShell version 3 arrived, the news that there wouldn’t be any built-in help was initially met by a load of groans, since it had been one of the first things that anyone would tell you to look at when you’re trying to learn PowerShell. Since then, Microsoft has explained the problems with in-the-box help, and I think that most people have come round to thinking that updateable help is, on balance, the better option.

This week we’re seeing the real-world benefits of that with the first significant update to the help. If you run PowerShell as administrator and run Update-Help, you’re going to get new content for the PowerShell core and workflow help. There’s updated help content for the cmdlets and 112 About topics.

The update only applies to the en-US culture so far. Expect it to be localised to other cultures before too long.

Idera’s award winning integrated devlopment environment PowerShell Plus has dropped the price tag and is now free for anyone to download and use.

As well as being a great tool for writing scripts and running PowerShell interactively, it’s comes with a boat load of code snippets and built-in learning resources for beginners as well as advanced features for power users.

If, like me, you’ve been keenly awaiting RSAT for Windows 8, there’s been a spot of confusion lately. Some people were declaring that the RTM tools were available even though the page was clearly labelled “Release Preview”, then the page disappeared from the Microsoft Download Center completely. Happily though, the wait is over and you can now download 32- or 64-bit versions:

This is good news for people who want to use the new Server Manager to manage their infrastructure from their desktop (Windows Server 2012 will work natively, obviously, and you can add support to Windows Server 2008 R2 SP1 and Windows Server 2008 SP2 servers by installing WMF 3.0 on them). It’s even better news for people who want the PowerShell modules that come with Windows Server 2012 on their desktop!

Along with the launch of Windows Server 2012* yesterday, Microsoft released the Windows Management Framework 3.0 for some downlevel clients. In the package you get PowerShell 3.0, and updated versions of WMI and WinRM for Windows 7 SP1, Windows Server 2008 R2 SP1 and Windows Server 2008 SP2. If you were looking for support on XP and Vista you are out of luck.

WMF 3.0 also contains the Server Manager CIM Provider that you’re going to need on your 2008 R2 SP1 and 2008 SP2 servers if you want to manage them with the new Server Manager in Windows Server 2012 or Remote Server Admin Tools for Windows 8 (RSAT for Win8 is yet to reach RTM).

* Make sure you click that link to the online launch event; windows-server-launch.com has a load of learning resources for Microsoft’s amazing new Server release, especially around management and virtualisation.

Last week I had the chance to chat with Jonathan Medd and Alan Renouf on Episode 31 of the Get-Scripting Podcast, which is now available to download. We had a great time recording and covered a lot of ground with PowerShell version 3, so it runs long, but I hope you’ll get as much out of listening to it as we did recording it!

During the recording, I mentioned some Quick Reference Guides, put together by the great guys at PowerShellMagazine.com, but hosted by Microsoft. Microsoft have added a couple more guides since I last looked, so you should definitely check them out.